[TOOL][VIDEO] One click Radio S-OFF, SimUnlock (Easy Root & S-OFF Guide)


JonnyFoxtrot

Senior Member
Oct 29, 2010
80
7
Green
If you use this one, you cannot use fastboot commands. If you like to play with your phone, then use the other one. This one is somewhat safer, however. In worst case scenario it is not possible to brick a device by using this tool, although to be honest, the other one has very very strict safety measures, too.

Jonny, the ENG bootloader will also survive a RUU if you do not have radio s-off. :)

Ah well there you go, learn something new and all that :)
 

mamoulian666

Senior Member
Jun 17, 2009
87
7

rosswaa

Senior Member
Apr 13, 2010
1,389
172
done :) not sure what it's done but i did it haha

so does this simunlock the phone?
 

nEUTRon666

Senior Member
May 15, 2007
325
64
Aschaffenburg
Do i get this right, if i restore the original partition and re-flash a official ruu my phone is stock again? Just want to make sure that i can go to stock, unrooted, s-on etc anytime ?!
 

xmoo

Retired Recognized Developer
Aug 19, 2006
5,450
1,803
34
Eindhoven
www.Mohammad.Moghtader.net
Do i get this right, if i restore the original partition and re-flash a official ruu my phone is stock again? Just want to make sure that i can go to stock, unrooted, s-on etc anytime ?!

Yes!!! And as I already said, S-OFF in Radio sometimes is done by HTC Repair center...
And sometimes they forget to remove the S-OFF. Had this issue (well good issue :p) with my girlfriend's HTC HERO
 

panyan

Senior Member
Oct 4, 2010
1,214
224
XDA Forums
I suggest you guys read the Vision wiki as it has a lot of info about what's going on.

thanks:

"Subsidy Unlock, SuperCID, and Radio S-OFF
Background
One at a time. What is Subsidy Unlock and why do I want it?

When you buy your Vision phone from T-Mobile, sold as the "G2", your phone is locked to the phone company's network-- the carrier.

If you travel outside of the coverage area for your carrier, your phone will go into "roaming" mode, and you will be charged up the ass. Now, what can you do about this? You may wish to purchase a local, pre-paid SIM Card in the country in which you're traveling to make calls or perhaps to buy a few day's worth of Internet access. But if you try, you'll find your phone won't take foreign SIM cards.

Similarly, if you're a T-Mobile customer with a G2 and you wanted to use another phone network within the US that uses a GSM network, such as AT&T, you will be unable to use an AT&T SIM card in your phone. It just won't work.

Why won't your phone take non-T-Mobile Sim cards? Because it's been "locked" (or "SIM-locked" or "subsidy locked" or "carrier locked").

SIM-unlocking your phone will offer the benefit of allowing you to use your phone with other carriers.

NOTE: T-Mobile does offer an unlock code to its loyal customers who are traveling overseas. You can call them and request it. However, as the XDA-forums can attest, some people have had difficulty with their codes, causing the phone to be unable to establish a connection to ANY network.

We want to fix that.
Got it. Next-- what is this "SuperCID" thing?

First let's talk about what a "CID" is in the first place. CID, as best I can tell, stands for "Carrier IDentification" and it's a little number that restricts which software can be installed on a phone. The CID determines for example, that only an officially-signed T-Mobile radio can be installed on a T-Mobile phone. And it's why you can't flash a Vodafone ROM onto a Bell Desire Z.

It may be helpful to think of the CID as a kind of "region coding" like you find on DVDs, where a North American DVD can't be played in a European player. But if you hack your DVD player, you could switch it from a European player to a North American one. Or you might even hack it to play both.

You can do the same with phones. SuperCID is, as the name implies, a universal CID where the phone will accept any kind of firmware image from anyone.
Finally, what's Radio S-OFF and What Does It Mean to Me?

The "S" stands for "Security".

As scotty2 says, "s-off is the switch that says 'alright, do whatever you want to do - good luck!'"

So here's how it works- normally when you boot up, HBOOT (the bootloader) says to the radio, "are you S-ON or S-OFF?" If the radio says "S-ON" then the bootloader WILL prevent you from using most of its commands, and WILL write protect system and recovery. If the radio says "S-OFF", then it will NOT prevent you from using most of its commands, and it will NOT write protect system and recovery.

Even phones that have been "permarooted" still have an S-ON radio.

But- you say, system and recovery haven't been protected since scotty2 figured out how to defeat the emmc protection... That's what permaroot is all about, isn't it?! So surely the radio must already be S-OFF!

Nope. You've had "Label" S-OFF. Not Radio S-OFF.

As scotty2 puts it, "[by patching HBOOT], we forge [messages to HBOOT] so it always looks like the radio says it's S-OFF." This works great so long as you've got a hacked HBOOT. But here's the problem-- people have been getting into trouble by flashing factory firmware over their rooted firmware. First thing it does before writing the ROM is overwrite their patched HBOOT. HBOOT turns on read-only mode on the recovery and /system, and the poor folks get locked out of their phones with the old firmware still there.

Having "real" radio S-OFF, scotty2 says, "will save people from almost-bricking-by-way-of-reflashing-factory-firmware." It also means you'll have unrestricted access to messing with your phone's radio. Although- he notes, the android kernel itself restricts your access to the radio partition. For your safety. "
 

b1gwest

Member
Sep 18, 2009
22
0
I stupidly formatted my SD card after running this tool, so I don't have a backup of my original radio. Does anyone know what it will have most likely been? (UK Desire HD from Vodafone)
 

plopingo

Senior Member
May 12, 2010
892
188
40
Paris
I'm already S-OFF and SimUnlock (bought unlocked) but I need SuperCID

Can I use this tool?

thanks !
 

panyan

Senior Member
Oct 4, 2010
1,214
224
XDA Forums
i used your tool and it worked successfully, to test it i went into the bootloader and went to system info, it has s-off and cid-11111111, i went to check if simunlock worked so i went to simlock on the bootloader, but it did nothing... i was trying it to see if it would confirm that it is unlocked...
 

Marshall1975

Senior Member
Nov 21, 2009
322
42
Lincoln / Taif
Hello

I think I'm missing something here. I have successfully got S-OFF and CID to 1111111 and Clockwork Mod installed, but when I try to install a custom ROM the phone reboots, then I get a black background with a phone in the middle and an exclamation mark. Not sure where to go from here. Any help would be appreciated.

Thanks
 

nEUTRon666

Senior Member
May 15, 2007
325
64
Aschaffenburg
I would do the normal S-OFF first. That is if you really need both of them.

I'm getting confused....why is the "normal" S-OFF better first? I really flashed my normal Desire a lot, but this stuff confuses me now :) I thought doing Radio S-OFF also enables custom flashing of ROMs via ClockworkMod recovery?! Why is the other S-OFF (Engineering SPL?) better first? Where is the disadvantage of Radio S-OFF?
 

Top Liked Posts

  • 377
    NOT COMPATIBLE WITH DEVICES SHIPPED WITH GINGERBREAD 2.3


    One click Radio S-OFF tool

    HTC - Quietly Unlocked

    About:
    This tool will make a Desire HD Radio S-OFF after it has been permrooted with Visionary. After running this tool, you can flash any ROM and kernel to your device using ClockworkMod. No bootloader S-OFF needed! You use this tool at your own risk!

    What's the difference to other methods?
    First of all, this is easy. The steps are straightforward, you do not need to tinker with complicated command line stuff. Radio S-OFF is the way these devices are meant to be made S-OFF, it is a safe way. If you use this method, reverting to stock is very easy! Unfortunately without ENG bootloader (my other tool) you cannot use fastboot commands (advanced stuff) and, for example, my Kernel Update Utility. To make a raw comparison, this tool is for everybody including new users and the eng hboot S-OFF version is for enthusiasts. Many experienced users have both, because having both allows supreme flexibility.

    I recommend to use Radio S-OFF instead of traditional bootloader ENG S-OFF, because this can be more easily removed and is much much safer!


    System requirements:
    • Windows XP SP2 or higher
    • .NET Framework 4.0
    • HTC Sync (or ADB drivers)
    • Desire HD with stock kernel (or Apache14's 1.0.7 / 1.1.4 Sense)
    • It will not work on 1.72.405.3 or higher build, or new radio (12.28b.60.140e_26.03.02.26_M is ok). Downgrade first!!

    So, in detail, the Root & S-OFF process goes like this:
    • Install Visionary
    • Open Visionary and tap temproot, then attempt permroot now. Your device will reboot.
    • Connect your phone to a computer (make sure you have USB Debugging enabled. Connect charge only!)
    • Download the Radio S-OFF tool and place it in the root of your hard drive (c:\[tool folder goes here])
    • Open my "Desire HD easy radio tool.exe" (Windows 7, right click & run as administrator), choose the first option, click "Do it"! There may be a SuperUser request on your phone, allow it.
    • Done. (Remember to click the thanks button)
    • But you might want to continue if you are a new user:
    • If you want to flash a radio (to improve signal and battery life) some day, do ENG S-OFF (no need to use Visionary again, just run the tool)
    • To flash a custom rom: Get Rom manager from the market, which will install a ClockWorkMod recovery for you. Just open it up and tap "Flash ClockworkMod recovery"
    • Download a custom ROM, put it to your SD, and flash it using Rom manager or ClockworkMod itself. You can access ClockworkMod through Rom manager. It is recommended to do "wipe data / factory reset" in ClockworkMod before installing ROM from SD card.

    It will create a backup of your phone partition 7 (radio config) to the root of your sdcard, I recommend to keep that somewhere really safe!

    To go back to S-ON:
    • Flash stock ROM (RUU, not over 1.7)
    • Temproot using Visionary
    • Use my tool, do Stock CID and S-ON (enter brand CID if you had a branded device, see second post)
    • Enjoy your factory-state phone

    If you like my work, please consider: (or just hit the thanks button :D)


    Thanks: Paul O'Brien for visionary, scotty2 and others who found the method to patch P7, Guhl and everyone else who has worked on the G2 root, gfree and wpthis, link to the source code, those have been released under GPL

    Download link is in the end of the second post
    67
    [TOOL][VIDEO] One click Radio S-OFF, SimUnlock (Easy Root Guide)

    FAQ:
    Q: Why is this Radio Tool, does it flash a radio?
    - From end user's view, it has nothing to do with radios, the name comes from the S-OFF technique this tool uses.
    Q: I cannot find "System Info" in SHIP bootloader
    - That is normal, just refer to the CID list when reverting to stock.
    Q: How can I revert to full stock, I have ClockworkMod and/or ENG S-OFF too?
    - Just follow the S-ON instructions.
    Q: Can I use ENG S-OFF with this one? Which one first?
    - Yes you can, it does not really matter, but I would do Radio S-OFF first.
    Q: Does no fastboot stuff mean slow device startup (no HTC Fastboot)?
    - No, I am talking about issuing commands to the bootloader through USB.
    Q: Is this Radio S-OFF permanent, does it go away if I flash RUU/factory reset?
    - It is permanent until you remove it using this tool.
    Q: I already had ENG S-OFF and I ran the tool, how do I find out if it worked?
    - If you used the first option, see bootloader system info. There should be CID-11111111.
    Q: I have now ENG S-OFF and Radio S-OFF, how do I get to stock?
    - Just follow the S-ON instructions, everything will be back to stock.
    Q: I have 1.72 or higher system, what should I do??
    - Downgrade using this guide, or flash Raidroid if you already have ENG S-OFF & ClockworkMod.
    Q: I tried to flash a radio, but it says not allowed!
    - You will also need ENG S-OFF to flash radios, because ENG S-OFF enables fastboot commands.
    Q: I want to make my device stock, I cannot find the RUU but I have a backup of the stock rom.
    - Follow these instructions.
    Checking the device state:
    - Go to the bootloader (turn fastboot off, turn off phone, hold vol- and power)
    - If it says ACE PVT SHIP S-OFF in the first line, your device is Radio S-OFF
    - If it says ACE PVT ENG S-OFF, you have ENG S-OFF, go to System info
    - If system info CID is 11111111, your device is SuperCID
    - And if you can verify either Radio S-OFF or SuperCID (and you did both), it worked fine and you have both of them
    - You can check your original CID by going to radio tool folder with cmd and typing: "adb shell getprop ro.cid"
    CID list:
    - Unbranded: "HTC__001"
    - O2: "O2___102"
    - Orange: "ORANG001"
    - German T-Mobile: "T-MOB101"
    - Vodafone UK: "VODAP001"
    - More here
    Troubleshooting:
    - "Unknown error, probably connection"? See here, try with WiFi enabled.
    - If that^ did not help, open a command window, go to the tool folder, and type: "adb shell" and "su". Then leave the window in the background, and run the tool again.
    - "SD card failed"? When phone is connected to PC, check with some file manager that SD is accessible and works. Try another SD.
    - Make sure you are rooted by downloading Terminal emulator from the market, write "su", '#' should appear.
    - Check all the requirements. Twice. HTC Sync is mandatory!
    - Keep your phone awake when you are running the tool, a superuser window might appear. You have to allow.
    - Check your SD card, and tell us in the thread if a p7backup appeared on it.
    - If it says Done and the CID does not change in ENG bootloader, you have most likely flashed too new radio.
    Downloadcount:
    v1: 1402 downloads
    v2: 322 downloads
    v2.1: 2396 downloads

    Please do not re-upload the file anywhere.
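The "Checking the device state" rules from the post above, turned around into an intake check that tells whether a handset (for example one coming back from repair or bought second-hand) is really back in factory state. This is an added example, not part of the original post or the tool; the function names, the banner regex and the sample records are assumptions made for illustration.

```python
import re

# First bootloader line as quoted in the thread, e.g. "ACE PVT SHIP S-OFF".
# The first two tokens are captured but not interpreted.
BANNER_RE = re.compile(
    r"^\s*(?P<board>\w+)\s+(?P<stage>\w+)\s+(?P<build>SHIP|ENG)\s+S-(?P<sec>ON|OFF)\s*$"
)
# CIDs on this page are eight characters drawn from A-Z, 0-9, '_' and '-'.
CID_RE = re.compile(r"^[A-Z0-9_-]{8}$")
SUPER_CID = "11111111"


def parse_banner(line):
    """Split the bootloader's first line into its four fields."""
    m = BANNER_RE.match(line.upper())
    if m is None:
        raise ValueError(f"unrecognised bootloader banner: {line!r}")
    return m.groupdict()


def assess(banner_line, cid=None):
    """Return (is_stock, findings) for one device."""
    banner = parse_banner(banner_line)
    findings = []
    if banner["build"] == "ENG":
        # The thread sends ENG devices on to System info: the banner alone
        # does not show whether Radio S-OFF was applied as well.
        findings.append("ENG bootloader present; Radio S-OFF state not visible in banner")
    elif banner["sec"] == "OFF":
        findings.append("Radio S-OFF (SHIP bootloader reports S-OFF)")
    if cid is None:
        # SHIP bootloaders have no System info screen (see the FAQ).
        findings.append("CID not supplied; SuperCID not ruled out")
    else:
        cid = cid.strip().upper()
        if not CID_RE.match(cid):
            findings.append(f"malformed CID {cid!r} (expected 8 characters)")
        elif cid == SUPER_CID:
            findings.append("SuperCID (11111111): any carrier's firmware is accepted")
    return (not findings, findings)


if __name__ == "__main__":
    # Constructed intake records: (banner line, CID noted by the operator).
    samples = [
        ("ACE PVT SHIP S-ON", "HTC__001"),
        ("ACE PVT SHIP S-OFF", "11111111"),
        ("ACE PVT ENG S-OFF", "VODAP001"),
        ("ACE PVT SHIP S-ON", None),
    ]
    for banner, cid in samples:
        print(banner, cid, assess(banner, cid))
```

Only a device that reads `ACE PVT SHIP S-ON` and carries a well-formed, non-super CID comes back as stock; everything else returns the reasons it did not.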
    11
    Instructions on how to restore branded backup, and do s-on

    As you people may have noticed, it is a lot easier to go to stock when you have the RUU.exe from HTC. In some cases the RUU is not available, and the only option is to restore nandroid backup of the branded rom. After that, the user has to manually remove clockworkmod and then do Stock CID & S-ON with my tool + Visionary unroot. I have now written instructions on how to do that.

    These instructions work if the "starting point" is: Nandroid backup of the original rom in SD, ClockworkMod, Radio S-OFF and SuperCID in the phone (+ hboot_original.bin in SD card from ENG S-OFF tool if you used that). So, let's get started.

    Go to ClockworkMod, and restore branded rom backup. It will take some time, then reboot the phone. Download attached stock recovery, unzip it, and put it to your SD card. Get Easy Radio Tool, and go to its folder in command window (cmd). Type:

    adb shell
    su (if you get permission denied, you have to do Visionary temproot)
    getprop ro.cid (this will tell you your stock CID, we will use that later, so write it down. It has eight digits.)
    busybox dd if=/sdcard/recovery.img of=/dev/block/mmcblk0p21 (it will replace clockworkmod with original recovery)
    busybox dd if=/sdcard/hboot_original.bin of=/dev/block/mmcblk0p18 (ONLY if you had ENG S-OFF, it will give you back SHIP bootloader)
    sync (wait 10 secs after that, then you can close the adb shell window)

    Go to the Easy Radio Tool, and first do Stock CID. Type the stock CID that you previously got to the text field. Click "do it". When that is finished, select S-ON and also click "do it". You can then go to Visionary, and unroot your device.
    Finally, you can go to the bootloader to check that everything is stock, the first line should read: ACE PVT SHIP S-ON.

    Remember that the device has to be in charge-only state all the time. Moving recovery to SD is an exception. USB debugging has to be enabled, and HTC Sync installed on the PC.

    Huge thanks to specialkey, who tested this method in practice!
    6
    Just to clear some things up with people who are interested in 1.72 & 1.75 non-rootability etc..

    There will NOT be a new version of my tool. I will probably add some more options & functionality in the future, but this tool will not be upgraded to support s-offing newer ROMs. Why? Because HTC has blocked the way this works so thoroughly.

    Then to the question of how to root & s-off the newer builds. There will most probably be a new version of Visionary which works with 1.72 ->, and I will add instructions on how to DOWNGRADE to 1.32. Sorry folks, it just has to be done that way. Many people are working on downgrading the new ones, just stay tuned. I cannot say anything about the schedule, though.
    5
    *edit: sorry, HTC__044 is for HTC ASIA WWE. cross checked with error keys of bootloader (credits to whoever placed it in pastebin)

    Code:
    TMUS                T-MOB010
    TMD                 T-MOB101
    TMA                 T-MOB102
    TMNL                T-MOB003
    TMCZ                T-MOB004
    TMUK                T-MOB005
    TMHR                T-MOB006
    TMH                 T-MOB007
    TMSK                T-MOB008
    Era                 T-MOB009
    TMMK                T-MOBL11
    VODA-UK             VODAP001
    VODA-Germany        VODAP102
    VODA-Italy          VODAP405
    VODA-SFR            VODAP203
    VODA-Spain          VODAP304
    VODA-Netherland     VODAPE17
    VODA-Ireland        VODAP019
    VODA-Greece         VODAP006
    VODA-Portugal       VODAPD18
    VODA-Swisscom-WWE   VODAP015
    VODA-Swisscom-DE    VODAP110
    VODA-Swisscom-FR    VODAP212
    VODA-Swisscom-IT    VODAP416
    VODA-Australia      VODAP021
    VODA-New-Zealand    VODAP022
    VODA-Mobilkom       VODAP120
    VODA-Proximus       VODAP024
    VODA-TR             VODAPM27
    ORANGE-French       ORANG202
    ORANGE-UK           ORANG001
    ORANGE-ES           ORANG309
    ORANGE-BE           ORANG012
    ORANGE-PO           ORANG008
    ORANGE-CH-FRA       ORANG203
    ORANGE-CH-GER       ORANG104
    ORANGE-SK           ORANG006
    ORANGE-PL           ORANGB10
    ORANGE-AT           ORANG113
    GOOGLE              GOOGL001
    TELEF-Spain         TELEF301
    TELUS               TELUS001
    DCM                 DOCOM801
    ATT                 CWS__001
    Brightstar-SPA      BSTAR301
    Brightstar-PTB      BSTAR502
    VIRGIN-UK           VIRGI001
    O2-UK               O2___001
    HTC-Czech           HTC__C24
    HTC-Denmark         HTC__F08
    HTC-Norway          HTC__H10
    HTC-Sweden          HTC__G09
    HTC-Poland          HTC__B25
    HTC-Russia          HTC__A07
    HTC-Turkey          HTC__M27
    HTC-GCC             HTC__J15
    HTC-Australia       HTC__023
    HTC-Singapore
    HTC-FRA             HTC__203
    StarHub-Singapore
    VODA-Africa-South   HTC__016
    AirTel-India
    TIM-Italy           TIM__401
    H3G-Italy           H3G__402
    Optus-Australia     OPTUS001
    Hutch-Australia     HUTCH001
    SMC-Voda-HK         SMCVD001
    Chunghwa-Taiwan     CHT__601
    Rogers              ROGER001
    HTC-EastEurope      HTC__032
    HTC-GER             HTC__102
    HTC-ITA             HTC__405
    HTC-Dutch           HTC__E11
    HTC-Nor             HTC__Y13
    HTC-WWE             HTC__001
    HTC-ELL             HTC__N34
    HTC-SPA             HTC__304
    HTC-PTG             HTC__506
    DOPOD               DOPOD701
    Open-Channel        HTCCN701
    CT                  HTCCN702
    CU                  HTCCN703
    HTC-Asia-SEA        HTC__037
    HTC-India           HTC__038
    Fastweb-IT          FASTW401
    O2-DE               O2___102
    TWM-TW              HTC__621
    Asia-HK-CHT         HTC__622
    HTC-Asia-SEA-WWE    HTC__044
    HTC-FRA-Bouygues    HTC__247
    HTC-BE              HTC__E41
    VODA-SA             VODAP026
    ALL                 11111111
    H3G-DAN             H3G__F05
    H3G-SWE             H3G__G04
    H3G-UK              H3G__001
    H3G-ROI             H3G__003
    Bouygues-Telecom    BOUYG201
    Telstra             TELST001
    BM                  BM_001
    Dopod-China

    Help yourselves and please confirm that all entries are correct.

    *edit2 idk how to make the code to seem be in a box, sorry for it being in a line.
    FORMAT ---- (CARRIER) (CID)

    *edit3 Forgot to post link to sources (http:[slash][slash]pastebin[dot]com/zFzcH9Wg) .. Can't really post url since under 8 posts. Yes I'm a lurker